Ask any IT professional what words and phrases spring to mind when you mention the words "organizational politics," and nine times out of 10 you will get responses such as:

In recent years, a number of seminal books have helped to define the software security field [1, 2, 8]. The approach to "building security in" introduced in these books has been enhanced and expanded by practitioners and published in various technical articles, including the "Building Security In" series in IEEE Security & Privacy.

Enterprise architecture, business architecture, technology architecture, information architecture, federated architecture, domain architecture, product family architecture, platform architecture, solution architecture, system architecture, software architecture ...

Everyone wants new management offices. It seems that a preferred response to management problems of many kinds is to create a new office responsible for something fairly specific. The ones that come immediately to mind are project management offices (PMOs), process management offices (PMOs again -- causing, of course, some confusion among the acronym crowd), and vendor management offices (VMOs). What are these offices, and who are these people? And why are there so many of them?

One of the seemingly eternal debates in information technology is whether to handle development and other IT tasks internally or to outsource them to a domestic or foreign vendor. Outsourcing offers a number of obvious benefits, such as saving money, reducing the cost of overnight processing by shifting work to an overseas vendor, or simply fulfilling a short-term need for additional skilled technical talent without having to hire new employees.

There's an old saying: "If you don't know where you are going, any road will get you there." This is especially true of process-improvement initiatives. Most change initiatives start out with a clear sense of goal (better, faster cheaper) yet stumble when all the energy and effort seem to fail to produce lasting change. How does the implementation fail if the vision seems clear?

Central and Eastern Europe (CEE), 1 including the Czech Republic, Poland, Hungary, Romania, and Latvia, has been ranked among the top locations for outsourcing IT work. 2 Yet knowledge of sourcing to this region, with its advantages and disadvantages, is limited and rather vague. In most books on IT sourcing, these countries appear under the heading of "other," following India, China, and Russia, and little information is provided about sourcing to these locations [7].

Early last year, the FBI finally cancelled its Virtual Case File (VCF) system project after spending more than US $100 million on it.

All change must be auditable, and all unauthorized change must be investigated.